On Fri, Dec 11, 2009 at 10:31 AM, Ian Hickson <ian@hixie.ch> wrote:
> On Fri, 11 Dec 2009, Kenton Varda wrote:
> > On Fri, Dec 11, 2009 at 8:40 AM, Ian Hickson <ian@hixie.ch> wrote:
> > >
> > > I think once we've given a site access to the bits coming from the
> > > camera, we've got no way of knowing what the site is doing with the
> > > data, so we have to treat them as equivalent.
> >
> > Well, if there were a way for a script to be prohibited from
> > communicating with anything (remote servers, other processes on the
> > system, etc.), then you could safely give it access to the camera.
> > This could be a useful security property it some cases, but probably
> > isn't worth pursuing for the moment. This relates to the
> > (un-Googlably-named) "*-Property":
> >
> > http://en.wikipedia.org/wiki/Bell-La_Padula_model
>
> You'd also have to block access to the local storage and cookie stores,
> and workers, and block access to other frames and windows, and prevent new
> CSS rules from being added, and prevent the user from clicking any links
> in the page. I'm not sure it'd be particularly useful.
>
I agree.